Android devices still vulnerable to Heartbleed bug

US-based tech giant Google announced recently that handsets, as well as tablets which are running on version 4.1.1 of the mobile operating system Android Jelly Bean are still vulnerable to the Heartbleed bug. Even though the company has created a fix since then, it still has not been released for all devices which cannot run higher versions of the operating system.

In addition to that, the bug puts users at risk of losing sensitive data. Moreover, security firms have warned that hundreds of apps which are available across multiple platforms need to be fixed. This also includes the popular BBM platform of BlackBerry for iOS and Android. The Canadian company has stated that it will not release the fix until April 18, 2014.

Meanwhile, the program is available for download from Apple’s App Store and Google Play. The vulnerability of the recent versions was revealed on April 7, 2014, after researchers from the search engine giant and Codenomicon independently found the problem. The researchers came to a conclusion that due to a coding mishap, hackers might be able to access 64 kilobytes of unencrypted data from the working memory of systems which are using vulnerable versions of OpenSSL.

Even though this is a small amount, hackers can opt to repeat the process and increase their haul. On the other hand, 64K is enough to get access to passwords, as well as server certificate private keys.